Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, March 05, 2011

The next Privacy Foundation Seminar “Legal Ethics and Privacy in Cloud Computing” is scheduled for Friday, March 18, 2011. This isn't on their website yet (hint, hint) but as usual, you can contact Diane Bales at 303-871-6580 for details. For a mere $20 you get the seminar and lunch.

From Gary Alexander: Oops. A minor error that requires a lot of effort to undo.

More than 6,000 Missouri State University students have had their social security numbers compromised.

… According to MSU, in October and November of last year, the College of Education prepared nine lists of students, which included social security numbers. Those lists were meant to be posted on a secure server for personnel preparing the students' accreditation.

It wasn't meant to be seen by anyone outside the school and people involved in that process. However, the school says the lists were accessible to the general public and ended up on Google.

… The university says since it discovered the breach, it has worked with Google to pull the lists so there are minimal "hits."

… Google stores information, so the school had to work all the way until last weekend to get rid of those copies.

Here we go again: After a six-hour shutdown about two weeks ago, traffic monitors are once again reporting that Libya has lost internet connectivity; most notably, search queries to Google from Libya have flatlined starting around a day ago.

Unlike the last time Libya went offline and the process used to shut down connectivity in Egypt (where Internet service providers simply shut down their servers), someone has come up with a more technologically advanced way of taking the country offline this time. According to Renesys, the routes in Libya are still up, but there is no data packet traffic on the still-open routes, as the traffic is “blackholed” right before it enters the Libyan netspace.
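As an added illustration (not code from the post or from Renesys/Google), the two outage signatures described above can be told apart from monitoring data: routes withdrawn and traffic gone (the Egypt pattern) versus routes still advertised but traffic collapsed (the Libya blackholing pattern). The prefixes, route-visibility series and hourly query counts below are constructed sample data using documentation address ranges, not real measurements.

```python
"""Added example: classify prefixes as normal / withdrawn / blackholed from
constructed BGP visibility and traffic series.  Not from the original post."""
from statistics import mean

# Constructed per-hour BGP visibility (True = prefix seen in the global table).
# RFC 5737 documentation prefixes are used so nothing here names a real network.
ROUTE_VISIBILITY = {
    "192.0.2.0/24":    [True] * 48,                  # blackhole pattern: still advertised
    "198.51.100.0/24": [True] * 40 + [False] * 8,    # withdrawal pattern: routes gone
    "203.0.113.0/24":  [True] * 48,                  # healthy control prefix
}

# Constructed per-hour query counts observed from each prefix (e.g. search queries).
TRAFFIC = {
    "192.0.2.0/24":    [1200] * 40 + [3, 0, 1, 0, 0, 2, 0, 1],
    "198.51.100.0/24": [900] * 40 + [0] * 8,
    "203.0.113.0/24":  [1500] * 40 + [1480, 1510, 1490, 1520, 1470, 1500, 1530, 1490],
}


def classify(visibility, traffic, baseline_hours=24, window=6, collapse_ratio=0.05):
    """Classify the most recent `window` hours of one prefix.

    baseline  = mean traffic over the first `baseline_hours` hours
    collapsed = mean traffic in the window is below collapse_ratio * baseline
    routes_up = the prefix was visible in the global table every hour of the window
    """
    if len(visibility) != len(traffic) or len(traffic) < baseline_hours + window:
        raise ValueError("need aligned series longer than baseline + window")
    baseline = mean(traffic[:baseline_hours])
    recent = mean(traffic[-window:])
    routes_up = all(visibility[-window:])
    collapsed = baseline > 0 and recent < collapse_ratio * baseline
    if not routes_up:
        # Routes gone but traffic still flowing would be a measurement problem.
        return "withdrawn" if collapsed else "inconsistent"
    return "blackholed" if collapsed else "normal"


def report(visibility_by_prefix=ROUTE_VISIBILITY, traffic_by_prefix=TRAFFIC):
    """Return {prefix: classification} for every prefix present in both inputs."""
    return {
        prefix: classify(visibility_by_prefix[prefix], traffic_by_prefix[prefix])
        for prefix in visibility_by_prefix
        if prefix in traffic_by_prefix
    }


if __name__ == "__main__":
    for prefix, state in report().items():
        print(f"{prefix:18} {state}")
```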

Watch your mouth tweet! Will lawyers search (automated, of course) for potentially libelous statements and then offer to settle?

… "The fact is that this case shows that the forum upon which you communicate makes no difference in terms of potential legal exposure," Freedman said. "Disparaging someone on Twitter does not excuse one from liability."

Love's attorney, Jim Janowitz, said the settlement actually saved the rocker money. "This is a case where the economics of the case didn't make a lot of sense for either side," he said, noting that the costs of going to trial would have been large.

… Sony told Spero, a San Francisco magistrate, that it needed the information for at least two reasons.

One is to prove the “defendant’s distribution” of the hack.

The other involves a jurisdictional argument over whether Sony must sue Hotz in his home state of New Jersey rather than in San Francisco, which Sony would prefer. Sony said the server logs would demonstrate that many of those who downloaded Hotz’s hack reside in Northern California — thus making San Francisco a proper venue for the case.

Jokes about Hillary Clinton being a TWITerer aside, the voice on the video sounds to me like a better version of a computer generated voice. The phrasing and hesitations are very similar to a computer searching for the next word/phrase. What do you think?

Apps@State: "Use the communications tools at your disposal to spread your values...by creating your own networks you can extend the power of governments to end hunger, defeat disease, combat climate change and give every child the ability to live up to his or her God-given potential." HILLARY RODHAM CLINTON, Secretary of State

I wanted to make a video, hopefully a funny one with some creativity, that shows the positive power of e-discovery skills and knowledge. I am trying to show what can happen when a properly trained attorney meets a typical e-discovery illiterate.

I don’t know what other correspondence CBR sent those affected but their Feb. 14 letter does not include any description at all of what happened or what types of information were involved. Hopefully, such information was in the FAQ they sent which was not uploaded. The police report indicates that the theft occurred in San Francisco on December 13, 2010. I cannot find any statement on CBR’s web site at this time.

I contacted CBR to request additional details. A corporate spokesperson sent me the following statement:

As a company we are doing everything we can to help make customers feel secure after being victims ourselves of a crime. Notifications went out to approximately 300,000 people. The tapes may have contained personal client data. A computer and other property were also stolen at the same time, and we do not believe these tapes were the target of the theft. CBR promptly notified law enforcement of the incident and we brought in computer security experts to evaluate potential risks. Our experts have advised us there is no indication at this time that any of the personal data has been accessed or misused. In order to provide clients with additional protection and peace of mind, we have arranged for clients to sign up for a one-year credit protection program at no charge.

According to the spokesperson’s statement, CBR is not a HIPAA-covered entity and the breach did not involve any health information. The spokesperson did not directly respond to an inquiry asking whether CVV codes were also stored on the backup tapes or computer with credit card numbers, but noted that the type of information was different for different individuals.

In response to the incident, CBR has strengthened its security:

We have taken extra steps on behalf of our customers in providing the credit monitoring free of charge. CBR has also strengthened and tightened our data security procedures. We hired security experts and implemented a number of improvements to protect our client data. The company continues to monitor these processes but will not share any details of these changes in order to preserve the integrity of the security mechanisms. The data on the tapes was not encrypted. We recognize that the loss of unencrypted data poses a risk, and that’s why we sent out the notices to our customers.

Three teenagers who founded and operated one of the world's largest English-language internet crime forums, described in court as "Crimebook", have been sentenced to up to five years in custody.

Police estimate that losses from the thousands of credit details traded over the site, Gh0stMarket.net, amount to £16.2m. The web forum, which had 8,000 members worldwide, has been linked to hundreds of thousands of pounds of registered losses on 65,000 bank accounts.

… After seizing Webber's laptop, police discovered details of 100,000 stolen credit cards and a trail back to the Gh0stMarket website.

… The site contained manuals such as "14 ways of hacking credit cards" and "running cards on eBay" and information on staying anonymous. It sold hacking software and instructions on how to manufacture crystal meth and explosives.

Elkan Abramowitz and Barry A. Bohrer write in the New York Law Journal:

Uncertainty regarding the application of the Fourth Amendment to computers, e-mail, and other digitized information [FOOTNOTE 1] has a significant impact on those accused of white-collar crime because so much of the evidence in white-collar cases derives from those sources. [FOOTNOTE 2] This article examines recent decisions on the Fourth Amendment’s application to digital evidence, noting a number of open and controversial questions that seem ripe for adjudication by the U.S. Supreme Court. A recent decision from the Court indicates a reluctance to address such issues, however.

This has been a favorite topic of much speculation among tech enthusiasts for many years. I think we are already witnessing a paradigm shift – a move away from simple social sharing towards personalized, relevant content.

The key element of the next big thing is the increasing significance of the Interest Graph to complement the Social Graph. While Facebook, Twitter, and Google are already working on delivering relevant content, a slew of startups are focusing exclusively on it.

Relevance is the only solution to the problem of information overload.

"One complaint made of the modern stock market is that it is concerned too much on the short term. A second is a long time in cash-equities trading. Four or five years ago, trading firms started to talk of trading speeds in terms of milliseconds. But in recent weeks trading geeks have started to talk about picoseconds, in what is a truly mind-boggling concept: a picosecond is one trillionth of a second. Put another way, a picosecond is to one second what one second is to 31,700 years."

Security and privacy are some of the major concerns these days while using the internet. The Web browser is one of the most used and exploited applications, since it is considered to be the primary connection to the rest of the internet. Multiple applications may depend on your browser, or elements within your browser, to function, and this makes the security settings within your browser even more important. To enhance your browsing experience, many web applications enable different types of functionality. Unfortunately, sometimes this functionality is unnecessary and may leave you at risk of being attacked. So the safest way is to disable most such features unless and until you find them really necessary. This article is devoted to helping you understand the flaws and vulnerabilities of Web browser software and to use your Web browser securely through the best security extensions.

The theft of a hospital laptop containing the details of more than 1,500 patients could have been an inside job, trust bosses have been told.

The computer, stolen from Calderdale Royal Hospital, contained 1,569 patient records including names, dates of birth and addresses when it was noticed missing on November 22 last year.

Now a report by Calderdale and Huddersfield NHS Foundation Trust board members has concluded the computer, which was in the neurophysiology department, would probably have been filched during working hours.

"Cybercrime's underground activity, much like a Middle Eastern bazaar, is a loud and boisterous market. Buying, selling, haggling and cheating all take place in these marketplaces. Each marketplace houses other specialized-markets of illegitimate goods. There's the credit cards market, the bot rental market, another one for viruses, and one more for the credentials – to name a few. The column discusses how cybercriminals communicate, how these markets operate and how hacker transactions are being performed."

Remember, radiation levels drop with the square of the distance. If current scanners work at one meter, one that works at ten meters will require 100 times more power...

Documents obtained Tuesday by the Electronic Privacy Information Center suggest that the U.S. Department of Homeland Security has signed contracts for the development of mobile and static systems that can be used to scan pedestrians and people at rail and bus stations and special event venues — apparently at times without their knowledge.

The documents indicate that DHS moved to develop the technology as part of an effort to bolster the ability of law enforcement personnel to quickly detect concealed bombs and other explosives on individuals.

The EPIC lawsuit argues that the machines are invasive, ineffective and unsafe. “I view this as an uncontrolled radiological experiment,” said John Verdi, an EPIC attorney on the case.

For Sedat, the alleged safety issue is the important one. Of concern to him and other health critics are the backscatter X-ray body scanners produced by Rapiscan Systems, which the TSA began rolling out last year.

… The Johns Hopkins University Applied Physics Laboratory, which analyzed the Rapiscan 1000 at the company’s Los Angeles office, published the leading and most often-cited study (.pdf) in October. The 49-page report, released in a redacted form, concludes that the machines leak virtually no radiation to TSA staff and nearby passengers, and expose the traveler being scanned to only a fraction of the maximum exposure level deemed medically safe.

… Sedat counters that the mechanical beam’s intensity level has not been published, making it impossible to evaluate the safety claims. “I want a real hard number in terms of photons per some unit of area,” he said. “The one physical quantity that is crucial for determining what dose a person is getting, that data is missing.”

Moreover, standard medical X-ray machines disperse radiation throughout the body, whereas the airport scanners penetrate to about skin level. That means there is a high concentration of radiation on a single organ — the skin — which was not accounted for in the Johns Hopkins report, Sedat said.

Future demand levels are significantly higher than today's. Will providers “build out” their networks, or try to “limit” bandwidth?

"Cisco has released a whitepaper on mobile data usage which has some interesting data in it. The top 1% of users consume 20% of the bandwidth, but that share is down from 30% previously. 'Regular' users are catching up as they watch more video. High-bandwidth users of today will be relatively average users by 2015, so network operators should look to those users for insight in designing their future networks."

As a democratic revolution led by tech-empowered young people sweeps the Arab world, Wadah Khanfar, the head of Al Jazeera, shares a profoundly optimistic view of what's happening in Egypt, Tunisia, Libya and beyond -- at this powerful moment when people realized they could step out of their houses and ask for change.

Wednesday, March 02, 2011

In an 8-0 ruling with Justice Kagan recused, the Supreme Court has reversed a Third Circuit decision in FCC v. AT&T (No. 09-1279). The upshot of the ruling is that corporations cannot withhold information or block its release in response to a freedom of information request by claiming that the information is protected under the personal privacy exemption to FOIA (Exemption 7c).

Joan Biskupic of USA Today reports:

Writing for the court, Chief Justice John Roberts emphasized that “‘Personal’ ordinarily refers to individuals. We do not usually speak of personal characteristics, personal effects, personal correspondence, personal influence or personal tragedy as referring to corporations or other artificial entities.”

The chief justice acknowledged that “adjectives typically reflect the meaning of corresponding nouns but not always” and cited as examples “corn” and “corny,” and “crank” and “cranky.”

More broadly, Roberts said that when it comes to the word “personal,” little support exists, even in the law, for the notion that it refers to corporations.

He closed the decision against the telecommunications giant with a bit of levity: “We trust that AT&T will not take it personally.”

"Firmware built into many solid state drives (SSDs) to improve their storage efficiency could be making forensic analysis at a later date by police forces and intelligence agencies almost impossible to carry out to legally safe standards, Australian researchers have discovered. They found that SSDs start wiping themselves within minutes after a quick format (or a file delete or full format) and can even do so when disconnected from a PC and rigged up to a hardware blocker."

So either SSDs are really hard to erase, or really hard to recover. I'm so confused.
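Both halves of that confusion are true at once, and the reason is the drive's flash translation layer: the host never addresses physical flash directly. The toy model below is an added example, not code from the post or from the Australian study it cites, and it simplifies real controllers heavily (no wear-levelling policy, no background GC timer). It shows (1) a host-side overwrite leaves the old copy in a stale physical page, so "erasing" from the host is unreliable, and (2) after a TRIM/quick format the controller's own garbage collection erases those pages on its own initiative, which a host-side write blocker does nothing to prevent, so recovery through the drive interface is unreliable too.

```python
"""Added example: a toy SSD flash translation layer (FTL).  Not from the post."""


class ToySSD:
    """Simplified FTL: pages are written once and only freed by erasing a whole block."""

    def __init__(self, blocks=4, pages_per_block=4):
        self.pages_per_block = pages_per_block
        self.flash = [[None] * pages_per_block for _ in range(blocks)]   # None = erased
        self.valid = [[False] * pages_per_block for _ in range(blocks)]  # mapped & live?
        self.l2p = {}          # logical page number -> (block, page)
        self.next_free = 0     # append cursor across all physical pages

    def _alloc(self):
        """Hand out the next never-written page (toy model: no reclaim during writes)."""
        total = len(self.flash) * self.pages_per_block
        while self.next_free < total:
            b, p = divmod(self.next_free, self.pages_per_block)
            self.next_free += 1
            if self.flash[b][p] is None:
                return b, p
        raise RuntimeError("out of free pages; run garbage_collect()")

    def write(self, lpn, data):
        """Host write: data lands in a FRESH page; the old copy is only marked invalid."""
        if lpn in self.l2p:
            ob, op = self.l2p[lpn]
            self.valid[ob][op] = False
        b, p = self._alloc()
        self.flash[b][p] = data
        self.valid[b][p] = True
        self.l2p[lpn] = (b, p)

    def read(self, lpn):
        """What the host, or a forensic image taken through the drive interface, sees."""
        if lpn not in self.l2p:
            return None
        b, p = self.l2p[lpn]
        return self.flash[b][p]

    def trim(self, lpns):
        """Host tells the drive these logical pages are free (file delete / quick format)."""
        for lpn in lpns:
            if lpn in self.l2p:
                b, p = self.l2p.pop(lpn)
                self.valid[b][p] = False

    def garbage_collect(self):
        """Controller-internal: erase every block holding no valid pages.
        Runs on the drive's own schedule; a host write blocker cannot stop it."""
        erased = 0
        for b, block in enumerate(self.flash):
            if not any(self.valid[b]) and any(pg is not None for pg in block):
                self.flash[b] = [None] * self.pages_per_block
                erased += 1
        return erased

    def chip_off_remnants(self, needle):
        """Count raw physical pages still holding `needle`, i.e. what reading the
        NAND directly (bypassing the controller) could still recover."""
        return sum(pg == needle for block in self.flash for pg in block)


def demo_overwrite_leaves_copy():
    """Scenario 1: host overwrites a file; the old content survives in a stale page."""
    ssd = ToySSD()
    ssd.write(0, "SECRET")
    ssd.write(0, "000000")           # host-side 'wipe' by overwriting
    return ssd.read(0), ssd.chip_off_remnants("SECRET")


def demo_trim_then_gc():
    """Scenario 2: quick format (TRIM) followed by the drive's own GC; content is gone."""
    ssd = ToySSD(blocks=2, pages_per_block=2)
    ssd.write(0, "SECRET")
    ssd.write(1, "OTHER")            # shares block 0 with the secret
    ssd.trim([0, 1])
    before = ssd.chip_off_remnants("SECRET")
    erased = ssd.garbage_collect()
    return before, erased, ssd.chip_off_remnants("SECRET"), ssd.read(0)


if __name__ == "__main__":
    print("overwrite: host sees %r, raw copies of secret left: %d" % demo_overwrite_leaves_copy())
    print("trim+gc:   copies before %d, blocks erased %d, copies after %d, host read %r"
          % demo_trim_then_gc())
```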

CrocoDoc is an excellent online tool to share and annotate PDF files. If your friends do not have a PDF file reader, you can upload the file to CrocoDoc and it will become viewable in the site’s HTML5 interface. The PDF file can also be annotated. The original and annotated versions can be downloaded separately by visitors to the PDF’s URL.

As the conceptual contours of Do Not Track are being worked out, an interesting question to consider is whether such a regulation—if promulgated—would survive a First Amendment challenge. Could Do Not Track be an unconstitutional restriction on the commercial speech of online tracking entities? The answer would of course depend on what restrictions a potential regulation would specify. However, it may also depend heavily on the outcome of a case currently in front of the Supreme Court—Sorrell v. IMS Health Inc.—that challenges the constitutionality of a Vermont medical privacy law.

Talk about a Facebook page coming back to bite you! AP reports that a Beverly Hills psychiatrist has found himself under challenge as an expert witness in custody cases because of a Facebook page that was “not intended for public viewing” and for some other images he uploaded to the Internet that he claims were “satire:”

Some parents are seeking to remove a Beverly Hills psychiatrist from their child custody cases after discovering lewd photos of him on Facebook and other websites, a newspaper reported.

Dr. Joseph Kenan, president of the American Society for Adolescent Psychiatry, was dismissed from a recent case and challenged in at least two others.

The 41-year-old, who advises family courts in custody disputes, also faces at least four complaints lodged with the Medical Board of California, according to a records review by the Los Angeles Times.

Interestingly, one parent who had sought to have Dr. Kenan dismissed from a case was unsuccessful. According to the AP:

“You’re saying Dr. Kenan should be disqualified because of a goofy Facebook page. What on earth does it have anything to do with this court?” Commissioner Mary Lou Katz asked.

That’s an interesting question in a day and age when lawyers are googling potential jurors, judges are instructing jurors to stay off Facebook with respect to the trial, and employers are making employment decisions about people based on Facebook postings. Does the psychiatrist’s Facebook page say anything about his professional judgment? While Commissioner Katz may not think so, others might disagree.

And did the doctor simply screw up his Facebook privacy settings, or did Facebook decide to share his information at some point, or is he just misrepresenting now that he’s been exposed (no pun intended)?

Since winning election to the US Senate in 2008, Al Franken (D-MN) has become one of that chamber's top net neutrality defenders.

… Franken has even gone so far as to call net neutrality the "First Amendment issue of our time." Those are tough words, but Franken remains convinced of their truth, even as he supports a controversial plan to censor websites over concerns about piracy and counterfeiting. (That legislation, called the Combating Online Infringement and Counterfeits Act or COICA, is currently under consideration.)

Special Research Report: Cloud Computing - "In December 2010, the 1105 Government Information Group and Beacon Technology Partners conducted a survey of federal IT managers to determine their attitudes toward cloud computing. The survey revealed the greatest cloud opportunities among federal agencies and the preferred deployment modes for cloud initiatives. Additionally, the research showed perceived advantages of cloud computing, concerns about security, and more. Read this special research report for more information."

"Microsoft has announced a release date for Windows Intune, its cloud-based solution for PC management for businesses, whether computers are on the corporate network or operated remotely. Intune will be released on March 23 for $11 per PC per month."

A growing portion of my practice is working with the litigators in my firm on cases of online torts, including defamation and harassment. This mainly involves working to track down people who do harmful things under a veil of supposed internet anonymity. This includes people who hide behind pseudonyms on chat boards and other internet fora while saying defamatory things, in addition to the (apparently) growing problem of creating fake Facebook profiles in order to harass and bully others. We’ve dealt with similar situations involving online dating sites, where people have set up fake profiles in the names of the victims in order to harass them.

[...]

Some of the cases I’ve worked on have become well-publicized in this region, and I was asked by the Canadian Bar Association – New Brunswick Branch to present on the topic at their annual Mid-Winter Meeting. In case you’re interested, below is a presentation on what sorts of tracks people leave online and how they can be assembled and used to try to identify otherwise unnamed defendants. In almost all cases, they involve applying to the court for Norwich orders, which is a form of order from the court to require a mostly uninvolved third-party to provide information that will lead to the identification of the actual defendant.

"Now in its tenth year, the Internet Crime Complaint Center (IC3) has become a vital resource for victims of online crime and for law enforcement investigating and prosecuting offenders. In 2010, IC3 received the second-highest number of complaints since its inception. IC3 also reached a major milestone this year when it received its two-millionth complaint. On average, IC3 receives and processes 25,000 complaints per month. IC3 is more than a repository for victim complaints. It serves as a conduit for law enforcement to share information and pursue cases that often span jurisdictional boundaries. IC3 was founded in 2000 as a joint effort between the National White Collar Crime Center (NW3C)/Bureau of Justice Assistance (BJA) and the Federal Bureau of Investigation (FBI). That partnership leveraged the resources necessary to aid law enforcement in every aspect of an Internet fraud complaint. The most common victim complaints in 2010 were non-delivery of payment/merchandise, scams impersonating the FBI (hereafter “FBI-related scams”) and identity theft. Victims of these crimes reported losing hundreds of millions of dollars."

Google Code University is an online repository of tutorials and course content in the form of text, video and slides to help people get started with various computer science topics, especially those that center around web development. You’ll find courses related to web programming, web security, Android, Google APIs, tools and much more.

… All the courses on the site fall under the Creative Commons license, thereby making it easy to use and share. You don’t need a Google account to access the courses either. It’s as simple as it can get.

This is the one site you should head to if you fear your PowerPoint presentations are a bit lacking when it comes to sheer visual force. On Visual Bee, you will be able to have any presentation that you have created enhanced on a really radical scale. This is done in a really easy way: simply installing the provided plug-in will enable Visual Bee to go through your content and have it largely improved in graphical terms. A library of over 15,000 images is used for these purposes.

Yet, note that aspects like your logo will be respected, and that you are the one having the final word on the design itself.

… Two versions of Visual Bee are already available: Visual Bee Free, and Visual Bee Premium. Only the premium edition of Visual Bee lets you brand your design, and have access to as many images as mentioned in the first paragraph - the free version is limited to about 3,000 images only.

Monday, February 28, 2011

As the surreptitious tracking of Internet users becomes more aggressive and widespread, tiny start-ups and technology giants alike are pushing a new product: privacy.

Companies including Microsoft Corp., McAfee Inc.—and even some online-tracking companies themselves—are rolling out new ways to protect users from having their movements monitored online. Some are going further and starting to pay people a commission every time their personal details are used by marketing companies.

[...]

… Mr. Sequeira became one of the first customers of London start-up Allow Ltd., which offers to sell people’s personal information on their behalf, and give them 70% of the sale. Mr. Sequeira has already received one payment of £5.56 ($8.95) for letting Allow tell a credit-card company he is shopping for new plastic.

"Data is a new form of currency," says Shane Green, chief executive of a Washington start-up, Personal Inc., which has raised $7.6 million for a business that aims to help people profit from providing their personal information to advertisers.

Gmail users complained today of suddenly and mysteriously having lost old e-mail, folders, and contacts, and Google said it was looking into the issue but that the problem did not appear to be widespread.

At 12:09 p.m. PT, Google said on its Apps status dashboard that it was aware of the issue and was investigating. At 5:02 p.m., the company said it was "continuing to investigate this issue. Google engineers are working to restore full access. Affected users may be temporarily unable to sign in while we repair their accounts." Less than 0.08 percent of the Gmail user base is affected, Google said.

(Related) A fix for “the Cloud is down?” It could create issues with your Record Retention plan... (Beta will be opened in March)

… Primadesk app aims to give us back our control over all our content, even if it's stored in a wide variety of cloud-based applications.

The idea is pretty simple: the Primadesk app provides single sign-on access to most popular Web-based services and lets users quickly and easily locate and manage content stored in them, including dragging and dropping files, photos, and documents between them.

Essentially, Primadesk is a personal cloud search engine that also comes with a file-management function. Enter a search term, such as "Paris" and you get results showing all your Gmails, Flickr photos, Google Docs files, and so on that mention the City of Light. And while CEO Srinivasa Venkataraman, formerly the CEO of AppStream, acknowledges that there are other services, such as Greplin and CloudMagic, that make it possible to search for personal content in the cloud, he argued that only Primadesk also offers the ability to manage all that content once you find it.

The special sauce of the app is that Primadesk has figured out how to let you grab a file from one service--say, a Flickr photo--and drag it to another--say, Facebook. Or a document from a Web-based word processor into Gmail. And you can both copy to and pull from your hard drive as well.

In addition, the app automatically backs up previous states of cloud content onto your hard drive, meaning that if you've backed up and then deleted, say, a Facebook message, Primadesk will have it for you. And it does so at a folder level, allowing you to see previous states of Facebook, Gmail, Flickr, and so on, regardless of what you've done with them online.

Gaikai CEO David Perry announced the launch of his company's cloud gaming service on Friday. Designed as a platform to allow game publishers and others to embed streaming gameplay trials on their Web sites, Gaikai has been in development since 2008. Gaikai investors include Intel and Limelight Networks, and the service counts Electronic Arts among its game publisher partners.

… Unlike OnLive, a cloud gaming service that sells access via a la carte and subscription models, Gaikai so far bills itself primarily as a technology provider. It does not currently have a consumer subscription model, and its marketing efforts thus far seem focused at game publishers and Web sites.

"Our thinking is somewhat like YouTube, as instead of just building a portal to go and watch videos, they decided to focus on putting videos everywhere on the web. We are doing the same with games, so when you read a review on a game, you can try playing it right there on the same page as the review," says Perry on his blog.

If you have $10 million, you don't have to invest like the little people...

JPMorgan Chase’s new fund aimed at investing in social-media companies is seeking to buy a minority stake in Twitter that could value the service at close to $4.5 billion, people briefed on the matter said Sunday.

Sunday, February 27, 2011

Facebook previewed a new notice strategy today. Part of the proposed change is a simpler privacy policy. Meh. I, like many, am a privacy policy skeptic. I'm skeptical of layered notice, too. I'm even skeptical of privacy policy icons, tables, and nutrition-style labels. They all run into the same problem: written text cannot simultaneously be readable and exhaustive, thorough and yet concise.

As an alternative, I argue for a concept I've been calling "visceral" privacy notice. Rather than tell people at length what your privacy practices may be, you show them what they really are. Facebook took a step in this direction today, joining Google and Yahoo! in what I hope to be an emerging best practice.

… Today Facebook joined Google and Yahoo! in offering a form of visceral notice to users. Specifically, Facebook has assembled interactive tools that permit users to see how their profile looks to the public, what apps they use, etc. Most exciting of all, Facebook offers a unique new tool that lets users see exactly how ads are targeted by going through the motions of creating an ad themselves.

Did India just Opt-Out of Cloud Computing or did they make themselves a safe place to be in the Cloud?

The Reasonable Security Practices and Procedures and Sensitive Personal Information rules could impact all information processing and business processes outsourced to India. The draft rule covers user information that is processed in India no matter where that information was originally collected.

… The Due Diligence Observed by Intermediaries Guidelines require that an intermediary notify all users of computer resources of unethical and unsafe online activity that must be avoided, and police users that engage in such activity on sites the intermediary hosts. The Guidelines also require that intermediaries themselves refrain from such activity and provide information to government agencies related to prohibited behavior.

Dr. Michelle Post tipped me off to this site. Hundreds of free lessons on topics my students actually need. What a concept!

We create and provide quality, innovative online learning opportunities to anyone who wants to improve the technology, literacy, and math skills necessary for them to be successful in both work and life.

In a three and a half minute video, Microsoft may have shown the world what it has in store for the eagerly awaited Windows 8. In the video Microsoft showed a radically different interface from past versions of Windows -- even Windows 7. Running on Surface 2, the touch-screen successor to the original Microsoft Surface, the device accepts input from a Windows Phone 7 handset (HTC HD7).

Gone are the icons that drive Windows, OS X, and Linux operating systems of past and present. In their place are "bubbles" that interact with files and post streaming information off the internet.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.